Author: Subject: Security issue with the site
ChrisW

posted on 21/6/22 at 07:40 PM

Evening everyone

It has come to our attention that there was some malicious activity on the site last night. I assume it is obvious that the code that runs this site is pretty old now, and whilst we have done a lot of work over the last 20 years (yes, the site really is 20 years old!) there are still issues lurking in the background that we have not spotted.

It is somewhat difficult to piece together exactly what has gone on, but our best guess is that someone was able to inject SQL code to obtain hashed (aka obscured) versions of users' passwords and from there build an authentic cookie allowing them to change users' profiles. It does not appear at this stage that anything particularly sensitive was changed, simply some mischief was caused. My long-suffering friend Luke has done his best to reverse engineer the method they used and believes he has now fixed the issue.

Although the information that leaked was obscured, the method the site uses to do this is 20+ years old and as such isn't particularly secure with today's decryption methods. It is therefore potentially possible that the attacker would be able to reverse engineer your password. Therefore, if you use the same password on other sites with the same email address and/or username, we recommend that you change those passwords urgently. I'm sure we have all heard the advice before to use a different password on every site, but I am also sure not everyone follows that advice. If you are at all in doubt, for your own sake, please err on the side of caution.

Luke has very kindly offered to re-write the entire authentication system the site uses over the next few days to ensure that this cannot happen again. I will certainly be buying him a beer for his efforts; if you would like to contribute to that fund the button is at the top of the page.

Thanks for your understanding and support.

Chris





My gaff my rules
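
The post describes leaked password hashes being enough to build a valid login cookie. As an added example (not the site's code and not Luke's rewrite), this is one design that breaks that chain: bound SQL parameters, a salted slow hash, and a random session cookie that is unrelated to the password hash. The table names, column names and PBKDF2 settings are assumptions made for the illustration.

```python
import hashlib, hmac, secrets, sqlite3

# Constructed in-memory schema; table and column names are hypothetical.
db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE members  (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
    CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT);
""")

def _kdf(password: str, salt: bytes) -> bytes:
    # Per-user salt plus a deliberately slow hash: a leaked row is costly
    # to guess offline. The iteration count is an assumed setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    db.execute("INSERT INTO members VALUES (?, ?, ?)",
               (username, salt, _kdf(password, salt)))

def login(username: str, password: str):
    # Bound parameters: user input is never spliced into the SQL text.
    row = db.execute("SELECT salt, pw_hash FROM members WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(_kdf(password, row[0]), row[1]):
        return None
    # The cookie value is random and has no relation to the password hash.
    # Only its SHA-256 is stored, so a database leak yields no usable cookie.
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?)",
               (hashlib.sha256(token.encode()).hexdigest(), username))
    return token

def user_for_cookie(cookie: str):
    digest = hashlib.sha256(cookie.encode()).hexdigest()
    row = db.execute("SELECT username FROM sessions WHERE token_hash = ?",
                     (digest,)).fetchone()
    return row[0] if row else None

def revoke_all(username: str) -> None:
    # After an incident, invalidate every outstanding cookie for the account.
    db.execute("DELETE FROM sessions WHERE username = ?", (username,))
```
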







Website design and SEO by Studio Montage

All content 2001-16 LocostBuilders. Reproduction prohibited
Opinions expressed in public posts are those of the author and do not necessarily represent
the views of other users or any member of the LocostBuilders team.
Running XMB 1.8 Partagium [ 2002 XMB Group] on Apache under CentOS Linux
Founded, built and operated by ChrisW.